- The account promoted an airdrop of a supposed ERC-20 token called OPENAI
- The website shared in the compromised tweet mimicked the layout and design of a legitimate project named ChainGPT.
OpenAI’s Chief Technology Officer, Mita Murati, fell victim to a Twitter hack on June 2, resulting in the posting of a fraudulent cryptocurrency airdrop. The compromised account promoted an airdrop of a supposed ERC-20 token called OPENAI, named after the company behind the creation of ChatGPT.
The tweet contained a phishing link and was live for approximately an hour, attracting 79,600 views and 83 retweets before being removed. With a verified account and 126,200 followers, Murati’s compromised Twitter presence caused significant exposure to the scam. The tweet’s author restricted replies to prevent easy identification of the fraudulent nature of the link. Some users speculate that the incident may have been the result of a SIM-swapping attack.
The website shared in the compromised tweet exhibited a high level of sophistication, closely mimicking the layout and design of a legitimate project named ChainGPT. Notably, the fake website prompted visitors to connect their crypto wallets. By leveraging an available crypto wallet-draining kit, the attackers enticed unsuspecting users to sign requests.
Once the requests were signed, the perpetrators swiftly transferred NFTs and ERC-20 tokens out of the victims’ wallets. This incident serves as a reminder of the importance of robust security measures and vigilance in safeguarding social media accounts, particularly for individuals in influential positions.
Crypto airdrop phishing attacks are now becoming increasingly common in the Web3 space. According to cybersecurity firm Kaspersky’s report, phishing attacks have increased by 40% in 2022 compared to the previous year. Crypto airdrops are now being used as a legitimate tactic used by companies to amass a fan following.
Earlier this year, in March 2023, Arbitrum, one of Ethereum’s largest layer-2 scaling solutions, launched its native ARB governance token and airdropped 11.62 percent (1.162 billion) of the token’s circulating supply to its early supporters. This development has led to more than a few attempts from scammers to set up fake token airdrops aimed at stealing funds from victims ahead of the official event.
Last month, Arthur Madrid, co-founder and CEO of metaverse project The Sandbox’s Twitter was also hacked to promote a fake “airdrop” phishing scam.